Do Azure Network Security Groups Allow RDP Port 3389 by Default?
Find out if Azure Network Security Groups include a default rule to allow RDP on port 3389. Understand the default NSG rule set and why remote access is denied by default for the AZ-500 exam.
Question
Network Security Groups include a rule to allow RDP access on which port by default?
A. TCP 22
B. TCP 443
C. TCP 3389
D. None of the above
Answer
D. None of the above
Explanation
No rule is configured to enable remote access by default.
Answer D is correct because a newly created Azure Network Security Group (NSG) does not include any rule that allows inbound Remote Desktop Protocol (RDP) access by default. Azure NSGs operate on a “secure by default” principle, meaning all inbound traffic from the internet is denied unless explicitly allowed.
Every NSG is created with a set of non-removable, low-priority default rules. The key inbound rules are:
- AllowVnetInBound: This rule allows traffic originating from any resource within the same virtual network.
- AllowAzureLoadBalancerInBound: This rule allows health probes from Azure’s load balancer to reach the resources.
- DenyAllInBound: This is the final rule in the set, with the lowest priority (highest number). It blocks all inbound traffic that has not been explicitly allowed by a higher-priority rule.
Because of the DenyAllInBound rule, any connection attempt from the internet, including RDP on TCP port 3389 or SSH on TCP port 22, will be blocked. To enable RDP access, an administrator must manually create a new inbound security rule with a higher priority (a lower number, e.g., 300) that specifically allows traffic on port 3389 from a defined source. It is a security best practice to restrict the source to a specific IP address or range rather than allowing access from Any or Internet.
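The priority-ordered evaluation described above, as an added example that is not part of the original page or any Azure tooling: a small model of the default inbound rules plus an audit check for RDP rules with an overly broad source. Assumptions: service tags are simplified to a label carried by each flow, protocol is ignored, and the custom rule names and the 203.0.113.10 and 198.51.100.7 addresses are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # lower number is evaluated first
    source: str     # "*", a service tag, or a CIDR
    port: str       # "*" or a single port number
    access: str     # "Allow" or "Deny"

# The three default inbound rules, with the priorities Azure assigns them.
DEFAULT_INBOUND = [
    Rule("AllowVnetInBound", 65000, "VirtualNetwork", "*", "Allow"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "AzureLoadBalancer", "*", "Allow"),
    Rule("DenyAllInBound", 65500, "*", "*", "Deny"),
]
# Constructed custom rules: one scoped to a single admin address, one open to all.
SCOPED = Rule("AllowRdpFromAdmin", 300, "203.0.113.10/32", "3389", "Allow")
OPEN = Rule("AllowRdpAny", 300, "*", "3389", "Allow")

def source_matches(rule_source, src_ip, src_tag):
    if rule_source == "*":
        return True
    if "/" in rule_source:  # CIDR prefix
        return ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule_source)
    return rule_source == src_tag  # service tag, simplified to a label on the flow

def evaluate(rules, src_ip, src_tag, port):
    """Return (access, rule name) for the first rule that matches, by priority."""
    for r in sorted(rules, key=lambda r: r.priority):
        if source_matches(r.source, src_ip, src_tag) and r.port in ("*", str(port)):
            return r.access, r.name
    return "Deny", None  # unreachable while DenyAllInBound is present

def exposed_rdp_rules(rules):
    """Names of Allow rules that open TCP 3389 to any source or the Internet tag."""
    broad = {"*", "Internet", "0.0.0.0/0"}
    return [r.name for r in rules
            if r.access == "Allow" and r.port in ("*", "3389") and r.source in broad]

if __name__ == "__main__":
    print(evaluate(DEFAULT_INBOUND, "198.51.100.7", "Internet", 3389))
    print(evaluate(DEFAULT_INBOUND + [SCOPED], "203.0.113.10", "Internet", 3389))
    print(exposed_rdp_rules(DEFAULT_INBOUND + [OPEN]))
```

With only the default rules, the internet-sourced RDP flow falls through to DenyAllInBound; the scoped rule admits the one admin address while every other internet source is still denied, and the audit function flags only the rule whose source is Any.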